Thanks to specialized toolset SecureVisio allows organizations to have a comprehensive overview of business and technical security, automates most important processes of IT security management and is a perfect solution for supporting Security Operations Center (SOC) processes.

The main components SecureVisio:

Modules

  • IT GRC Setup Wizard
  • Technical and business parameters
  • Graphical tools for documentation editing and searching
  • Automatic detection of IT systems (System Discovery)
  • Logical architecture of IT security (security devices and zones, layers of protection)
  • Diagrams of physical network (connections, switches, routers, etc.)
  • Attaching external documents
  • Defining custom parameters
  • Users and roles management
  • Best practices for security design
  • Best practices for security auditing
  • Effectiveness matrix of network safeguards
  • Effectiveness matrix of local safeguards
  • Methodology of risk assessment
  • Incident registration form (manual description)
  • Automatic processing of security alerts (Syslog Universal Parser)
  • Import and analysis of vulnerability scanners’ reports (including Nessus™, Rapid7 Nexpose™)
  • Selection of vulnerabilities based on importance to the organization
  • Automatic import of new vulnerabilities from CVE database
  • CVE compliant specification of important IT systems (OS, software)
  • Selection of vulnerabilities based on importance to the organization
  • Critical vulnerabilities report
  • Critical incidents report
  • Custom reports wizard
  • Email notifications
  • Interactive calendar
  • Export to printable form (PDF)

Tools

  • Automatic estimation of legal and business consequences of an incident
  • Automatic estimation of IT systems’ value for the organization
  • Threats specific to IT systems
  • Determine threat sources of an IT system
  • Show IT system’s protections against potential threat sources
  • Show the most exposed IT systems
  • Show location of particular data category
  • Show scope and consequences of a security incident
  • Show network areas outside the organization
  • Show protections against specific threat source
  • Show location of particular system type
  • Show systems with particular local safeguards
  • Show security management tools for security devices
  • Show security management tools for important IT systems
  • Focused on IT systems of critical importance to the organization
  • Map IT systems to business processes
  • Importance of business processes
  • Algorithm of business risk analysis
  • Show exposed IT systems of critical business importance
  • Show important IT systems vulnerable to failures
  • Show IT systems of high risk level
  • IT systems risk analysis for specific threats
  • Built-in security audit templates (e.g. PCI-DSS)
  • Custom security requirements wizard: network safeguards requirements, local safeguards requirements, security management tools requirements
  • Linking physical and logical network elements
  • Identification of Single Point of Failure
  • Activation/deactivation of network elements and IT systems
  • Show disrupted business processes
  • Logs and alerts analysis of SIEM, firewall, IPS and other safeguards (Syslog)
  • Incident identification in IT systems of critical importance to the organization
  • Firewall logs selection based on IT systems importance to the organization

Technical information

  • Virtual Appliance – VMware ESX, VMware Player
  • GUI Interface: dedicated application installed on Microsoft Windows 7, 8, 8.1 and 10; Web Interface supported on Microsoft Internet Explorer 9, 10, 11 and Firefox 4x
  • Based on the number of protected IT systems and the number of network devices
  • License extension – Threat Modeling functions, Security Audit functions
  • Starter Pack – 25 IT systems, 25 devices, all functions